Hacking and Securing Cloud Infrastructure

2 Days
2020 Edition

This 2-day course cuts through the mystery of Cloud Services (including AWS, Azure and G-Cloud) to uncover the vulnerabilities that lie beneath. We will cover a number of popular services and delve into both what makes them different, and what makes them the same, as compared to hacking and securing a traditional network infrastructure.


Class Overview

Whether you are an Architect, Developer, Pentester, Security or DevOps Engineer, or anyone with a need to understand and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques, and how to protect yourself from them, is critical. This class covers both the theory as well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure.

Course Takeaway

Our own customized version of Kali Linux with in-house developed scripts and tools to help with hacking, auditing and securing Cloud.

Class Details

Whether you are an Architect, Developer, Pentester, Security or DevOps Engineer, or anyone with a need to understand and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques, and how to protect yourself from them, is critical. This course covers both the theory as well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure.

Prior pentest / security experience is not a strict requirement; however, some knowledge of Cloud Services and a familiarity with common Unix command line syntax will be beneficial.

Introduction to Cloud Computing

  • Introduction to cloud and why cloud security matters
  • Comparison with conventional security models
  • Shared responsibility model
  • Legalities around Cloud Pentesting

Enumeration of Cloud environments

  • DNS based enumeration
  • OSINT techniques for cloud-based assets

Gaining Entry in Cloud Environment

  • Serverless based attacks (AWS Lambda / Azure & Google functions)
  • Web application Attacks
  • Exposed Service ports

Attacking Specific Cloud Services

  • Storage Attacks
  • Azure AD Attacks
  • Containers and Kubernetes Clusters
  • IAM Misconfiguration Attacks
  • Roles and permissions-based attacks
  • Attacking Cognito misconfigurations

Post-Exploitation

  • Persistence in Cloud
  • Post exploit enumeration
  • Snapshot access
  • Backdooring the account

Auditing and Benchmarking of Cloud

  • Preparing for the audit
  • Automated auditing via tools
  • Golden Image / Docker image audits
  • Relevant Benchmarks for cloud

Defense: Identification of cloud assets

  • Inventory Extraction for AWS, Azure and GCP
  • Continuous inventory management

Defense: Protection of Cloud Assets

  • Principle of least privilege
  • Control Plane and Data Plane Protection
  • Financial Protections
  • Metadata API Protection
  • Cloud specific Protections
  • Windows / Linux IaaS auditing

Defense: Detection of Security issues

  • Setting up Monitoring and logging of the environment
  • Identifying attack patterns from logs
  • Monitoring in multi-cloud environment

Defense: Response to Attacks

  • Automated Defense techniques
  • Cloud Defense Utilities
  • Validation of Setup

Prerequisites

Who Should Take This Class?

Cloud Administrators, Developers, Solutions Architects, DevOps Engineers, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to the next level.

Prior Pen Test experience is not a strict requirement; however, some knowledge of Cloud Services and a familiarity with common command line syntax will be greatly beneficial.

Student Requirements

Delegates must bring their own laptop and have admin/root access on it. The laptop must have virtualization software (VirtualBox / VMware) pre-installed. A customized version of Kali Linux (OVA format) containing custom tools, scripts and VPN scripts for the class will be provided to the students. The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicated to the VM.

    Training Events

      • Hacking and Securing Cloud Infrastructure: 29th-30th September 2021, Live Online Training
      • Hacking and Securing Cloud Infrastructure: 14-15th October 2021, Live Online Training (Japan)
      • Hacking and Securing Cloud Infrastructure: 25th-26th October 2021, Live Online Training
      • Hacking and Securing Cloud Infrastructure: 15th-17th Nov 2021, Live Online Training
      • Cloud Storage: 18th January 2022, FREE Webinar
      • Cloud: Stealing the Silver Lining: 24th January 2022, FREE Webinar
      • Hacking and Securing Cloud Infrastructure: 28th Feb-3rd March 2022, Live Online Training
      • Hacking and Securing Cloud Infrastructure: 4th-5th April 2022, Live Online Training
      • The Anatomy of a Cloud Hack: 27th June 2022, FREE Webinar
      • Cloud: Stealing the Silver Lining: 4th July 2022, FREE Webinar

    Hacking Training Classes

    Lab-Based Training - Written by BlackHat Trainers - Available Globally

    NotSoSecure classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure / web applications as a day job & wish to add to their existing skill set.
